Trouble W2K Server

D

Dwane

Can someone help me correct these errors in the event
logs?

Application Log.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 10/29/2003
Time: 10:55:32 AM
User: NT AUTHORITY\SYSTEM
Computer: OPRSVR2
Description:
Windows cannot determine the user or computer name.
Return value (1326).

System Log.
Event Type: Error
Event Source: SAM
Event Category: None
Event ID: 16650
Date: 10/29/2003
Time: 11:03:33 AM
User: N/A
Computer: OPRSVR2
Description:
The account-identifier allocator failed to initialize
properly. The record data contains the NT error code
that caused the failure. Windows 2000 will retry the
initialization until it succeeds; until that time,
account creation will be denied on this Domain
Controller. Please look for other SAM event logs that
may indicate the exact reason for the failure.

Directory Service Log.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 10/29/2003
Time: 10:52:25 AM
User: N/A
Computer: OPRSVR2
Description:
The attempt to establish a replication link with
parameters

Partition: CN=Schema,CN=Configuration,DC=csa1,DC=com
Source DSA DN: CN=NTDS
Settings,CN=OPRSVR1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=csa1,DC=com
Source DSA Address: 07f2d3da-1806-4043-9fcf-
e6f572c15eea._msdcs.csa1.com
Inter-site Transport (if any):

failed with the following status:

Logon failure: unknown user name or bad password.

The record data is the status code. This operation will
be retried.

File Replication Service Log.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 10/28/2003
Time: 12:36:05 PM
User: N/A
Computer: OPRSVR2
Description:
Following is the summary of warnings and errors
encountered by File Replication Service while polling the
Domain Controller oprsvr2.csa1.com for FRS replica set
configuration information.

Could not bind to a Domain Controller. Will try again at
next polling cycle.

I also get this error when I try to use DCPROMO.
DCPROMO Error:
The operation failed because: Binding to server
oprsvr1.csa1.com using the supplied credentials
failed "The operation being requested was not performed
because the user has not been authenticated. "

The operation failed because:
The Directory Service failed to replicate off changes
made locally.
"The DSA operation is unable to proceed because of a DNS
lookup failure. "

Thanks
Dwane
 
C

Cary Shultz [A.D. MVP]

Dwane,

Just a few more details would be helpful. It looks like you have been
receiving these errors for the last month? How long has this DC been in
production? What has changed?

I typically suggest that you run both dcdiag /v and netdiag /v on all your
WIN2000 Servers. Have you done this? Are you familiar with the Support
Tools? You can also download these two utilities as individual files. The
Support Tools are located in two places: on the WIN2000 Server CD in the
Support | Tools folder and on the WIN2000 Service Pack CD in the Support |
Tools folder. Alternatively, you can go to
http://www.microsoft.com/downloads and simply search for 'dcdiag' and
'netdiag' and find them.

I might also suggest that you take a look at http://www.eventid.net and then
simply enter in the error code that you are getting ( the 1000 or the 16650,
for example ). There is usually a description with the possible solutions.

You might want to take a look at repadmin and replmon as well. Netdom would
be a good choice as well. These are all part of the Support Tools.

I might also suggest that you provide a whole bunch more information. Are
we talking about multiple Sites ( the Inter-Site Transport leads me to
suspect this )? You might want to diagram for us the set up so that we can
help you better.

HTH,

Cary
 
D

Dwane

Cary,
Here is some history.
We had four NT 4.0 servers (1-PDC,3-BDC). Upgraded the
PDC first (no problems). Upgraded BDC#1 (no problems).
Upgraded BDC#2 (problems).

Yes, I have tried some of the tools listed (dcdiag &
netdiag). They worked on GOSVR1 (PDC) & OPRSVR1 (BDC#1).

OPRSVR2 (BDC#2)
dcdiag RETURNS
DC Diagnosis

Performing initial setup:
[oprsvr2] LDAP bind failed with error 31,
A device attached to the system is not functioning..

netdiag RETURNS (parts that failed)
Local Area Connection
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly.

Local Area Connection 2
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly. You have a potential name conflict. Please
check that the machine name is unique.

Global results:
Domain membership test .......: Failed
[WARNING] The system volume has not been completely
replicated to the local machine. This machine is not
working properly as a DC.
NetBT name test .......: Failed
DC list test .......: Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_FOUND]
Trust relationship test .......: Failed [FATAL] Secure
channel to domain 'CSASTAFF1' is broken.
[ERROR_ACCESS_DENIED]

I hope this information help to some my problem.

Thanks
Dwane
-----Original Message-----
Dwane,

Just a few more details would be helpful. It looks like you have been
receiving these errors for the last month? How long has this DC been in
production? What has changed?

I typically suggest that you run both dcdiag /v and netdiag /v on all your
WIN2000 Servers. Have you done this? Are you familiar with the Support
Tools? You can also download these two utilities as individual files. The
Support Tools are located in two places: on the WIN2000 Server CD in the
Support | Tools folder and on the WIN2000 Service Pack CD in the Support |
Tools folder. Alternatively, you can go to
http://www.microsoft.com/downloads and simply search for 'dcdiag' and
'netdiag' and find them.

I might also suggest that you take a look at
Click to expand...
http://www.eventid.net and then
 
C

Cary Shultz [A.D. MVP]

Dwane,

So it appears that there is simply a problem with that one NT4 BDC that you
attempted to upgrade to WIN2000. Not that this solves the issues with this
machine but have you considered running dcpromo on it again ( so that it is
no longer a DC ) and then running dcpromo on it again ( so that it is a DC
again )?

However, I would look at the errors before doing that. In fact, I
remembered something about LDAP error 31 so I did a little research and look
what I found:

http://support.microsoft.com/default.aspx?scid=kb;en-us;329873&Product=win2000

It is essentially suggesting that the userAccountControl might not have the
proper attribute associated with it. I think that you might find that it
has an attribute of 4096. If it is a DC then that attribute needs to be
532480, as stated in the article.

I would also check to make sure that the TCP/IP information is correct. Is
this machine showing up in DNS? How about after the reboot? Is this
machine multi-homed ( meaning, does it have multiple NICs )?

Let us know what this brings you...

HTH,

Cary


Dwane said:
Cary,
Here is some history.
We had four NT 4.0 servers (1-PDC,3-BDC). Upgraded the
PDC first (no problems). Upgraded BDC#1 (no problems).
Upgraded BDC#2 (problems).

Yes, I have tried some of the tools listed (dcdiag &
netdiag). They worked on GOSVR1 (PDC) & OPRSVR1 (BDC#1).

OPRSVR2 (BDC#2)
dcdiag RETURNS
DC Diagnosis

Performing initial setup:
[oprsvr2] LDAP bind failed with error 31,
A device attached to the system is not functioning..

netdiag RETURNS (parts that failed)
Local Area Connection
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly.

Local Area Connection 2
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly. You have a potential name conflict. Please
check that the machine name is unique.

Global results:
Domain membership test .......: Failed
[WARNING] The system volume has not been completely
replicated to the local machine. This machine is not
working properly as a DC.
NetBT name test .......: Failed
DC list test .......: Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_FOUND]
Trust relationship test .......: Failed [FATAL] Secure
channel to domain 'CSASTAFF1' is broken.
[ERROR_ACCESS_DENIED]

I hope this information help to some my problem.

Thanks
Dwane
-----Original Message-----
Dwane,

Just a few more details would be helpful. It looks like you have been
receiving these errors for the last month? How long has this DC been in
production? What has changed?

I typically suggest that you run both dcdiag /v and netdiag /v on all your
WIN2000 Servers. Have you done this? Are you familiar with the Support
Tools? You can also download these two utilities as individual files. The
Support Tools are located in two places: on the WIN2000 Server CD in the
Support | Tools folder and on the WIN2000 Service Pack CD in the Support |
Tools folder. Alternatively, you can go to
http://www.microsoft.com/downloads and simply search for 'dcdiag' and
'netdiag' and find them.

I might also suggest that you take a look at
Click to expand...
http://www.eventid.net and then
simply enter in the error code that you are getting ( the 1000 or the 16650,
for example ). There is usually a description with the possible solutions.

You might want to take a look at repadmin and replmon as well. Netdom would
be a good choice as well. These are all part of the Support Tools.

I might also suggest that you provide a whole bunch more information. Are
we talking about multiple Sites ( the Inter-Site Transport leads me to
suspect this )? You might want to diagram for us the set up so that we can
help you better.

HTH,

Cary





.
Click to expand...
Click to expand...
 
C

Cary Shultz [A.D. MVP]

Furthermore,

Take a look at the following:

http://support.microsoft.com/default.aspx?scid=kb;en-us;131740&Product=win2000

Also, does the SYSTEM account have Full Control on the sysvol?

There should also be a dcpromo log file located in C:\WINNT\DEBUG if I
remember correctly. What does that show?

HTH,

Cary


Cary Shultz said:
Dwane,

So it appears that there is simply a problem with that one NT4 BDC that you
attempted to upgrade to WIN2000. Not that this solves the issues with this
machine but have you considered running dcpromo on it again ( so that it is
no longer a DC ) and then running dcpromo on it again ( so that it is a DC
again )?

However, I would look at the errors before doing that. In fact, I
remembered something about LDAP error 31 so I did a little research and look
what I found:

http://support.microsoft.com/default.aspx?scid=kb;en-us;329873&Product=win2000

It is essentially suggesting that the userAccountControl might not have the
proper attribute associated with it. I think that you might find that it
has an attribute of 4096. If it is a DC then that attribute needs to be
532480, as stated in the article.

I would also check to make sure that the TCP/IP information is correct. Is
this machine showing up in DNS? How about after the reboot? Is this
machine multi-homed ( meaning, does it have multiple NICs )?

Let us know what this brings you...

HTH,

Cary


Dwane said:
Cary,
Here is some history.
We had four NT 4.0 servers (1-PDC,3-BDC). Upgraded the
PDC first (no problems). Upgraded BDC#1 (no problems).
Upgraded BDC#2 (problems).

Yes, I have tried some of the tools listed (dcdiag &
netdiag). They worked on GOSVR1 (PDC) & OPRSVR1 (BDC#1).

OPRSVR2 (BDC#2)
dcdiag RETURNS
DC Diagnosis

Performing initial setup:
[oprsvr2] LDAP bind failed with error 31,
A device attached to the system is not functioning..

netdiag RETURNS (parts that failed)
Local Area Connection
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly.

Local Area Connection 2
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly. You have a potential name conflict. Please
check that the machine name is unique.

Global results:
Domain membership test .......: Failed
[WARNING] The system volume has not been completely
replicated to the local machine. This machine is not
working properly as a DC.
NetBT name test .......: Failed
DC list test .......: Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_FOUND]
Trust relationship test .......: Failed [FATAL] Secure
channel to domain 'CSASTAFF1' is broken.
[ERROR_ACCESS_DENIED]

I hope this information help to some my problem.

Thanks
Dwane
-----Original Message-----
Dwane,

Just a few more details would be helpful. It looks like you have been
receiving these errors for the last month? How long has this DC been in
production? What has changed?

I typically suggest that you run both dcdiag /v and netdiag /v on all your
WIN2000 Servers. Have you done this? Are you familiar with the Support
Tools? You can also download these two utilities as individual files. The
Support Tools are located in two places: on the WIN2000 Server CD in the
Support | Tools folder and on the WIN2000 Service Pack CD in the Support |
Tools folder. Alternatively, you can go to
http://www.microsoft.com/downloads and simply search for 'dcdiag' and
'netdiag' and find them.

I might also suggest that you take a look at
Click to expand...
http://www.eventid.net and then
simply enter in the error code that you are getting ( the 1000 or the 16650,
for example ). There is usually a description with the possible solutions.

You might want to take a look at repadmin and replmon as well. Netdom would
be a good choice as well. These are all part of the Support Tools.

I might also suggest that you provide a whole bunch more information. Are
we talking about multiple Sites ( the Inter-Site Transport leads me to
suspect this )? You might want to diagram for us the set up so that we can
help you better.

HTH,

Cary


Can someone help me correct these errors in the event
logs?

Application Log.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 10/29/2003
Time: 10:55:32 AM
User: NT AUTHORITY\SYSTEM
Computer: OPRSVR2
Description:
Windows cannot determine the user or computer name.
Return value (1326).

System Log.
Event Type: Error
Event Source: SAM
Event Category: None
Event ID: 16650
Date: 10/29/2003
Time: 11:03:33 AM
User: N/A
Computer: OPRSVR2
Description:
The account-identifier allocator failed to initialize
properly. The record data contains the NT error code
that caused the failure. Windows 2000 will retry the
initialization until it succeeds; until that time,
account creation will be denied on this Domain
Controller. Please look for other SAM event logs that
may indicate the exact reason for the failure.

Directory Service Log.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 10/29/2003
Time: 10:52:25 AM
User: N/A
Computer: OPRSVR2
Description:
The attempt to establish a replication link with
parameters

Partition: CN=Schema,CN=Configuration,DC=csa1,DC=com
Source DSA DN: CN=NTDS
Settings,CN=OPRSVR1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=csa1,DC=com
Source DSA Address: 07f2d3da-1806-4043-9fcf-
e6f572c15eea._msdcs.csa1.com
Inter-site Transport (if any):

failed with the following status:

Logon failure: unknown user name or bad password.

The record data is the status code. This operation will
be retried.

File Replication Service Log.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 10/28/2003
Time: 12:36:05 PM
User: N/A
Computer: OPRSVR2
Description:
Following is the summary of warnings and errors
encountered by File Replication Service while polling the
Domain Controller oprsvr2.csa1.com for FRS replica set
configuration information.

Could not bind to a Domain Controller. Will try again at
next polling cycle.

I also get this error when I try to use DCPROMO.
DCPROMO Error:
The operation failed because: Binding to server
oprsvr1.csa1.com using the supplied credentials
failed "The operation being requested was not performed
because the user has not been authenticated. "

The operation failed because:
The Directory Service failed to replicate off changes
made locally.
"The DSA operation is unable to proceed because of a DNS
lookup failure. "

Thanks
Dwane



.
Click to expand...
Click to expand...
Click to expand...
 
D

Dwane

Cary,
The machine shows up in the DNS after rebooting. The
machine is multi-homed. The DCPROMO will not complete.
Take a look at the bottom of this post to see the result
of DCPROMO.

I found article 332199 which shows how to force the
demotion of AD Domain Controllers
(DCPROMO /FORCEREMOVAL). This took care of the errors
that I reported. This server was the internal DNS & WINS
server for our network. I disable both of these service
before installing AD again along with one network
interface. The server is a DC again without these errors
appearing in the event log. I would like to thank you
again for all your help.

Dwane
-----Original Message-----
Furthermore,

Take a look at the following:

http://support.microsoft.com/default.aspx?scid=kb;en- us;131740&Product=win2000

Also, does the SYSTEM account have Full Control on the sysvol?

There should also be a dcpromo log file located in C:\WINNT\DEBUG if I
remember correctly. What does that show?

HTH,

Cary


one NT4 BDC that
you the issues with
this again ( so that it
is little research and
look
Click to expand...
userAccountControl might not have
the
proper attribute associated with it. I think that you might find that it
has an attribute of 4096. If it is a DC then that attribute needs to be
532480, as stated in the article.

I would also check to make sure that the TCP/IP
Click to expand...
information is correct.
Is
this machine showing up in DNS? How about after the reboot? Is this
machine multi-homed ( meaning, does it have multiple NICs )?

Let us know what this brings you...

HTH,

Cary


Cary,
Here is some history.
We had four NT 4.0 servers (1-PDC,3-BDC). Upgraded the
PDC first (no problems). Upgraded BDC#1 (no problems).
Upgraded BDC#2 (problems).

Yes, I have tried some of the tools listed (dcdiag &
netdiag). They worked on GOSVR1 (PDC) & OPRSVR1 (BDC#1).

OPRSVR2 (BDC#2)
dcdiag RETURNS
DC Diagnosis

Performing initial setup:
[oprsvr2] LDAP bind failed with error 31,
A device attached to the system is not functioning..

netdiag RETURNS (parts that failed)
Local Area Connection
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly.

Local Area Connection 2
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly. You have a potential name conflict. Please
check that the machine name is unique.

Global results:
Domain membership test .......: Failed
[WARNING] The system volume has not been completely
replicated to the local machine. This machine is not
working properly as a DC.
NetBT name test .......: Failed
DC list test .......: Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_FOUND]
Trust relationship test .......: Failed [FATAL] Secure
channel to domain 'CSASTAFF1' is broken.
[ERROR_ACCESS_DENIED]

I hope this information help to some my problem.

Thanks
Dwane

-----Original Message-----
Dwane,

Just a few more details would be helpful. It looks like
you have been
receiving these errors for the last month? How long has
this DC been in
production? What has changed?

I typically suggest that you run both dcdiag /v and
netdiag /v on all your
WIN2000 Servers. Have you done this? Are you familiar
with the Support
Tools? You can also download these two utilities as
individual files. The
Support Tools are located in two places: on the WIN2000
Server CD in the
Support | Tools folder and on the WIN2000 Service Pack
CD in the Support |
Tools folder. Alternatively, you can go to
http://www.microsoft.com/downloads and simply search
for 'dcdiag' and
'netdiag' and find them.

I might also suggest that you take a look at
http://www.eventid.net and then
simply enter in the error code that you are getting (
the 1000 or the 16650,
for example ). There is usually a description with the
possible solutions.

You might want to take a look at repadmin and replmon as
well. Netdom would
be a good choice as well. These are all part of the
Support Tools.

I might also suggest that you provide a whole bunch more
information. Are
we talking about multiple Sites ( the Inter-Site
Transport leads me to
suspect this )? You might want to diagram for us the
set up so that we can
help you better.

HTH,

Cary


message
Can someone help me correct these errors in the event
logs?

Application Log.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 10/29/2003
Time: 10:55:32 AM
User: NT AUTHORITY\SYSTEM
Computer: OPRSVR2
Description:
Windows cannot determine the user or computer name.
Return value (1326).

System Log.
Event Type: Error
Event Source: SAM
Event Category: None
Event ID: 16650
Date: 10/29/2003
Time: 11:03:33 AM
User: N/A
Computer: OPRSVR2
Description:
The account-identifier allocator failed to initialize
properly. The record data contains the NT error code
that caused the failure. Windows 2000 will retry the
initialization until it succeeds; until that time,
account creation will be denied on this Domain
Controller. Please look for other SAM event logs that
may indicate the exact reason for the failure.

Directory Service Log.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 10/29/2003
Time: 10:52:25 AM
User: N/A
Computer: OPRSVR2
Description:
The attempt to establish a replication link with
parameters

Partition: CN=Schema,CN=Configuration,DC=csa1,DC=com
Source DSA DN: CN=NTDS
Settings,CN=OPRSVR1,CN=Servers,CN=Default-First- Site-
Name,CN=Sites,CN=Configuration,DC=csa1,DC=com
Source DSA Address: 07f2d3da-1806-4043-9fcf-
e6f572c15eea._msdcs.csa1.com
Inter-site Transport (if any):

failed with the following status:

Logon failure: unknown user name or bad password.

The record data is the status code. This operation
will
be retried.

File Replication Service Log.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 10/28/2003
Time: 12:36:05 PM
User: N/A
Computer: OPRSVR2
Description:
Following is the summary of warnings and errors
encountered by File Replication Service while polling
the
Domain Controller oprsvr2.csa1.com for FRS replica set
configuration information.

Could not bind to a Domain Controller. Will try again
at
next polling cycle.

I also get this error when I try to use DCPROMO.
DCPROMO Error:
The operation failed because: Binding to server
oprsvr1.csa1.com using the supplied credentials
failed "The operation being requested was not
performed
because the user has not been authenticated. "

The operation failed because:
The Directory Service failed to replicate off changes
made locally.
"The DSA operation is unable to proceed because of a
DNS
lookup failure. "

Thanks
Dwane



.
Click to expand...
Click to expand...


.
Click to expand...
 
C

Cary Shultz [A.D. MVP]

Dwane,

Glad that everything is working now.

Cary

Dwane said:
Cary,
The machine shows up in the DNS after rebooting. The
machine is multi-homed. The DCPROMO will not complete.
Take a look at the bottom of this post to see the result
of DCPROMO.

I found article 332199 which shows how to force the
demotion of AD Domain Controllers
(DCPROMO /FORCEREMOVAL). This took care of the errors
that I reported. This server was the internal DNS & WINS
server for our network. I disable both of these service
before installing AD again along with one network
interface. The server is a DC again without these errors
appearing in the event log. I would like to thank you
again for all your help.

Dwane
-----Original Message-----
Furthermore,

Take a look at the following:

http://support.microsoft.com/default.aspx?scid=kb;en- us;131740&Product=win2000

Also, does the SYSTEM account have Full Control on the sysvol?

There should also be a dcpromo log file located in C:\WINNT\DEBUG if I
remember correctly. What does that show?

HTH,

Cary


one NT4 BDC that
you the issues with
this again ( so that it
is little research and
look
Click to expand...
userAccountControl might not have
the
proper attribute associated with it. I think that you might find that it
has an attribute of 4096. If it is a DC then that attribute needs to be
532480, as stated in the article.

I would also check to make sure that the TCP/IP
Click to expand...
information is correct.
Is
this machine showing up in DNS? How about after the reboot? Is this
machine multi-homed ( meaning, does it have multiple NICs )?

Let us know what this brings you...

HTH,

Cary


Cary,
Here is some history.
We had four NT 4.0 servers (1-PDC,3-BDC). Upgraded the
PDC first (no problems). Upgraded BDC#1 (no problems).
Upgraded BDC#2 (problems).

Yes, I have tried some of the tools listed (dcdiag &
netdiag). They worked on GOSVR1 (PDC) & OPRSVR1 (BDC#1).

OPRSVR2 (BDC#2)
dcdiag RETURNS
DC Diagnosis

Performing initial setup:
[oprsvr2] LDAP bind failed with error 31,
A device attached to the system is not functioning..

netdiag RETURNS (parts that failed)
Local Area Connection
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly.

Local Area Connection 2
NetBT name test .......: Failed
At least one of your NetBT names is not registered
properly. You have a potential name conflict. Please
check that the machine name is unique.

Global results:
Domain membership test .......: Failed
[WARNING] The system volume has not been completely
replicated to the local machine. This machine is not
working properly as a DC.
NetBT name test .......: Failed
DC list test .......: Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_FOUND]
Trust relationship test .......: Failed [FATAL] Secure
channel to domain 'CSASTAFF1' is broken.
[ERROR_ACCESS_DENIED]

I hope this information help to some my problem.

Thanks
Dwane

-----Original Message-----
Dwane,

Just a few more details would be helpful. It looks like
you have been
receiving these errors for the last month? How long has
this DC been in
production? What has changed?

I typically suggest that you run both dcdiag /v and
netdiag /v on all your
WIN2000 Servers. Have you done this? Are you familiar
with the Support
Tools? You can also download these two utilities as
individual files. The
Support Tools are located in two places: on the WIN2000
Server CD in the
Support | Tools folder and on the WIN2000 Service Pack
CD in the Support |
Tools folder. Alternatively, you can go to
http://www.microsoft.com/downloads and simply search
for 'dcdiag' and
'netdiag' and find them.

I might also suggest that you take a look at
http://www.eventid.net and then
simply enter in the error code that you are getting (
the 1000 or the 16650,
for example ). There is usually a description with the
possible solutions.

You might want to take a look at repadmin and replmon as
well. Netdom would
be a good choice as well. These are all part of the
Support Tools.

I might also suggest that you provide a whole bunch more
information. Are
we talking about multiple Sites ( the Inter-Site
Transport leads me to
suspect this )? You might want to diagram for us the
set up so that we can
help you better.

HTH,

Cary


message
Can someone help me correct these errors in the event
logs?

Application Log.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 10/29/2003
Time: 10:55:32 AM
User: NT AUTHORITY\SYSTEM
Computer: OPRSVR2
Description:
Windows cannot determine the user or computer name.
Return value (1326).

System Log.
Event Type: Error
Event Source: SAM
Event Category: None
Event ID: 16650
Date: 10/29/2003
Time: 11:03:33 AM
User: N/A
Computer: OPRSVR2
Description:
The account-identifier allocator failed to initialize
properly. The record data contains the NT error code
that caused the failure. Windows 2000 will retry the
initialization until it succeeds; until that time,
account creation will be denied on this Domain
Controller. Please look for other SAM event logs that
may indicate the exact reason for the failure.

Directory Service Log.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 10/29/2003
Time: 10:52:25 AM
User: N/A
Computer: OPRSVR2
Description:
The attempt to establish a replication link with
parameters

Partition: CN=Schema,CN=Configuration,DC=csa1,DC=com
Source DSA DN: CN=NTDS
Settings,CN=OPRSVR1,CN=Servers,CN=Default-First- Site-
Name,CN=Sites,CN=Configuration,DC=csa1,DC=com
Source DSA Address: 07f2d3da-1806-4043-9fcf-
e6f572c15eea._msdcs.csa1.com
Inter-site Transport (if any):

failed with the following status:

Logon failure: unknown user name or bad password.

The record data is the status code. This operation
will
be retried.

File Replication Service Log.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 10/28/2003
Time: 12:36:05 PM
User: N/A
Computer: OPRSVR2
Description:
Following is the summary of warnings and errors
encountered by File Replication Service while polling
the
Domain Controller oprsvr2.csa1.com for FRS replica set
configuration information.

Could not bind to a Domain Controller. Will try again
at
next polling cycle.

I also get this error when I try to use DCPROMO.
DCPROMO Error:
The operation failed because: Binding to server
oprsvr1.csa1.com using the supplied credentials
failed "The operation being requested was not
performed
because the user has not been authenticated. "

The operation failed because:
The Directory Service failed to replicate off changes
made locally.
"The DSA operation is unable to proceed because of a
DNS
lookup failure. "

Thanks
Dwane



.
Click to expand...


.
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

active directory replication not worked 4
AD Replication Problem 2
event id 1265 2
DC Hardware failure - unable to remove server from AD 2
Active Directory and DNS errors 11
Dcpromo succeeds but replication fails 0
Replication between 2 DC 2
Active Directory Replication Problem... 0

Top